In order to determine the legislation that must be observed, first find out whether your activity is subject to a specific law.
When it comes to GDPR, it is difficult to imagine a company, especially in European Union, which will not be the focus of this law. However, not all that the company does with the data will be considered the processing of personal data.
Definitely, any information relating to the identified person is personal data. Questions may arise with information that relates to a person who can be identified (identifiable person). Indeed, even pseudonymised data fall under this category.
It is necessary to properly classify data that can form only individual attributes, but not be personal data, and this is the identifier and factor (s). The law gives a general idea of these attributes. But it determines the critical mass of these attributes after the accumulation of which the data becomes personalized.
In the preamble to the law, it is asked for a rational approach in the possibility of transferring data to the category of personal data. So be rational indeed!
As a result of a small analysis, I discovered two sources in the field of data protection, and these are two European structures differing only in one letter of four: EDPB and EDPS, which means Board and Superviser, respectively. But it is no the sole difference.
EDPB is based on the so-called Article 29 Working Party. The results of their work consist in the interpretation of the law on the protection of personal data, previously a directive, and now a regulation known as GDPR.
A number of works of Article 29 Working Party were taken over and can be used at the present time, some of them remain historical documents. Now, for me at least, their expected documents are related to certification and codes of conduct.
EDPS is another structure that I understand provides among other functions the administration of the Board. But which in its functions also covers the work of European structures in the field of personal data security under a separate law, as well as actively follow the technologies and, accordingly, the data in the broad sense of the word, not only personal data. Here is one of the published work of this structure of Smart glasses and data protection.
It is difficult to realize, but at the moment there is an imperceptible revaluation of values. In which the mobile phone begins to play a very indispensable role. Those qualities and those properties that we use and which have been ousted from the world of things, for example, a clock, a camera, a voice recorder, a notebook, a flashlight, etc., are complemented by one very valuable feature – the authenticator.
Increasingly, and for the most part enforced, we, as users, are switching to multi-factor authentication. In addition to knowing the password, pin-code, we are required to have something. Security requires additional evidence that an anonymous user for the system is you. The system has not gone, or has not yet gone the way of identification with biometric data (and may not be able to go due to the heightened requirements of the GDPR for sensitive data — which are biometric data). More often, we are faced with the need to use a calculator, codes, code cards, enter the code from SMS and (!!!) give confirmation from a specially application on the phone.
“For me, charging a daily smartphone is a ritual that cannot be missed.”
The latest authentication tool is actively supported by banks. Google in the proposed dual-authentication conveniently used the same device. In this lie both pluses and huge minuses. The main disadvantage is the health and performance of the device. For me, charging a daily smartphone is a ritual that cannot be missed. A low battery charge is the same as an empty tank in the desert where there is not a living soul for 200-300 kilometers.
Banks have pretty strongly established dependence on this authentication tool. But can it be considered reliable, really reliable. Recently, a bank authenticator, which I use, has literally failed for several minutes. I certainly wanted to make a money transfer and then I remembered the code cards that were still stored in my wallet. Hurray, I thought, and … I could not move beyond the field – a permanent password. I have not used it for more than a year, changing it regularly at the request of the same bank.
“But what happens if one easy authentication fails? “
Google has a number of alternatives, perhaps many of them are not reliable, but there are alternatives. Banks, for example, offer (inconvenient) calculators and convenient applications. But what happens if one easy authentication fails? While I did not find the answer, I still hope for the operability of the device and software, although from the point of view of risks this situation moves from the category of low-medium risks to non-permissible ones.
Having received today the annual report from Google according to my timeline, and I understood – the cost of one of the most expensive assets of the world – personal data, is currently incommensurable low.
And the recent scandal with Facebook and Cambridge Analytica has proved it. The users of the social network are very carefree and, most importantly, for free. In that case they opened up access to the application “This Is Your Digital Life” and shared their data with an unknown developer. Yes, no doubt he (developer) did not specify the purpose of use. But users shared info easily, quickly and massively. And at the same time they were paid for the data!
You might ask – what is this fee? It must be millions or billions of dollars divided between users? Nowadays, when a short computer cipher – gibberish can cost more than a good used car, I mean bitcoin at the peak of its popularity.
No! This fee is an entertainment, a fun, a state that passes within a minute, well, max five.
Yes, it is this “gold of the 21st century” that now spreads to the right and to the left. And I, among other things, also give this “gold” for the price of scrap metal. There is something to think about. Or rather, there is reason to think that not only entertainment should serve as a price. I use, e.g., the geo-data register for reports, and maybe I will need them for writing memor in the future. But what can you get from filling in a primitive Facebook test? Think about it. And be vigilant.
lai izbeigtu histēriju par to ko drīkst un ko nedrīkst, jo patiesība ir līkumā nevis forumos, komentāros un ttl.;
jāizprot reālie riski, jo ir obligātās lietas, kuras ir jāizpilda vadoties pēc uzņēmuma/organizācijas lieluma, specifikas un apstrādājamiem datiem;
jālieto kopīgā un pareizā terminoloģija, kura noderēs komunikācija ar datu subjektiem;
sertifikācijas principi ir atrunāti bet vēl na realizēti, un tiem būs nozīmīgā loma, piemēram, meklējot un atlasot sadarbības partnerus un pakalpojumu sniedzējus;
piekrišanas veids ir pats pēdējais risinājums, jo šis ir vienmēr extra prasība, kuru nevar pamatot ne ar likumu, ne ar līguma nepieciešamību, t.i. pēc būtības jūsu untums., bet datu subjektam papildus maksa.